init

.flake8

@@ -0,0 +1,25 @@
+[flake8]
+# Increase the max line length to 120 characters
+max-line-length = 120
+
+# Ignore specific errors/warnings:
+# E501: Line too long
+# W291: Trailing whitespace
+# E128: Continuation line under-indented for visual indent
+# E126: Continuation line over-indented for hanging indent
+# E127: Continuation line over-indented for visual indent
+# W503: Line break occurred before a binary operator
+# E266: Too many leading '#' for block comment
+ignore = E501, W291, E128, E126, E127, W503, E266, W605, C901
+
+# Exclude some directories from checking
+exclude =
+    .git,
+    __pycache__,
+    build,
+    dist,
+    .venv
+
+
+# Maximum allowed complexity for functions
+max-complexity = 10

.github/workflows/ci.yml

@@ -1,53 +1,79 @@
-stages:
-  - lint
-  - test
-  - build
-  - deploy
+name: CI/CD Pipeline
 
-variables:
-  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache"
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
 
-cache:
-  paths:
-    - .pip-cache/
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8
+    - name: Lint with flake8
+      run: flake8 .
 
-lint:
-  stage: lint
-  image: python:3.9
-  before_script:
-    - pip install flake8
-  script:
-    - flake8 .
-
-test:
-  stage: test
-  image: python:3.9
-  before_script:
-    - pip install -r requirements.txt
-    - pip install pytest pytest-cov
-  script:
-    - pytest tests/ --cov=./ --cov-report=xml
-  artifacts:
-    reports:
-      coverage_report:
-        coverage_format: cobertura
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install pytest pytest-cov
+    - name: List directory contents
+      run: ls -R
+    - name: Run tests
+      run: |
+        export PYTHONPATH=$PYTHONPATH:$(pwd)
+        pytest tests/ -v --cov=./ --cov-report=xml
+    - name: Upload coverage report
+      uses: actions/upload-artifact@v2
+      with:
+        name: coverage-report
         path: coverage.xml
 
-build:
-  stage: build
-  image: python:3.9
-  script:
-    - pip install pyinstaller
-    - pyinstaller --onefile main.py
-  artifacts:
-    paths:
-      - dist/main
+  build:
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pyinstaller
+    - name: Build executable
+      run: pyinstaller --onefile main.py
+    - name: Upload artifact
+      uses: actions/upload-artifact@v2
+      with:
+        name: abap-code-scanner
+        path: dist/main
 
-deploy:
-  stage: deploy
-  image: python:3.9
-  script:
-    - echo "Deploying application..."
-    # Add your deployment steps here
-  only:
-    - main  # This job will only run on the main branch
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - name: Deploy application
+      run: |
+        echo "Deploying application..."
+        # Add your deployment steps here

README.md

@@ -0,0 +1,104 @@
+# ABAP Code Scanner Framework
+
+## Overview
+
+The ABAP Code Scanner Framework is a powerful tool designed to analyze ABAP (Advanced Business Application Programming) code for potential security vulnerabilities, code quality issues, and best practice violations. This framework provides a flexible and extensible way to scan ABAP code and generate comprehensive reports on various aspects of code security and quality.
+
+## Features
+
+- Multiple security checks including:
+  - Cross-Site Scripting (XSS) vulnerabilities
+  - Directory Traversal vulnerabilities
+  - Hardcoded credentials
+  - Weak cryptographic algorithms
+  - And many more...
+- Customizable and extensible architecture
+- Command-line interface for easy integration into CI/CD pipelines
+- Detailed reporting in XLSX format
+- Configurable scan settings
+
+## Prerequisites
+
+- Python 3.9 or higher
+- pip (Python package installer)
+
+## Installation
+
+1. Clone the repository:
+   ```
+   git clone https://github.com/yourusername/AbapCodeScannerFramework.git
+   cd AbapCodeScannerFramework
+   ```
+
+2. Install the required dependencies:
+   ```
+   pip install -r requirements.txt
+   ```
+
+## Usage
+
+To run the ABAP Code Scanner:
+
+```
+python main.py path/to/abap/code
+```
+
+Optional arguments:
+- `-c`, `--config`: Path to the configuration file (default: config.yml)
+
+## Configuration
+
+The scanner can be configured using a YAML file. By default, it looks for `config.yml` in the project root. You can specify a different configuration file using the `-c` or `--config` option.
+
+Example configuration:
+
+```yaml
+checks:
+  - CheckCrossSiteScripting
+  - CheckSQLInjection
+  - CheckDirectoryTraversal
+
+file_extensions:
+  - .abap
+  - .txt
+
+exclude_patterns:
+  - "**/test/**"
+```
+
+## Adding New Checks
+
+To add a new security check:
+
+1. Create a new Python file in the `checks` directory.
+2. Define a class that inherits from a base check class.
+3. Implement the required methods, including the main `run` method.
+4. Add the new check to the configuration file.
+
+## Running Tests
+
+To run the test suite:
+
+On Windows:
+```
+run_tests.bat
+```
+
+On Unix-like systems:
+```
+./run_tests.sh
+```
+
+## Contributing
+
+Contributions to the ABAP Code Scanner Framework are welcome! Please feel free to submit pull requests, create issues or spread the word.
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## Acknowledgments
+
+- Thanks to all contributors who have helped to improve this framework.
+- Special thanks to the ABAP community for their invaluable resources and documentation.
+

checks/CheckAbapOutgoingFtpConn.py

@@ -1,16 +1,17 @@
-# checks/check_abap_outgoing_ftp_conn.py
-
 import re
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckAbapOutgoingFtpConn:
     title = "Outgoing FTP Connection"
+    confidence = "Definitive"
     severity = "Low"
     vulnerability_type = "Unencrypted Communications"
 
@@ -26,4 +27,3 @@ def run(self, file_content: str) -> List[CheckResult]:
             line_number = file_content[:match.start()].count('\n') + 1
             return [CheckResult(line_number, match.group().strip())]
         return []
-

checks/CheckBrokenAuthCheck.py

@@ -1,5 +1,3 @@
-# checks/check_broken_auth_check.py
-
 import re
 from dataclasses import dataclass
 from typing import List

checks/CheckCallTransformation.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckCallTransformation:
     title = "XML Injection via \"CALL TRANSFORMATION\""
     severity = "High"

checks/CheckCrossSiteScripting.py

@@ -1,14 +1,14 @@
-# checks/CheckCrossSiteScripting.py
-
 import re
 from dataclasses import dataclass
 from typing import List, Dict
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckCrossSiteScripting:
     title = "Potential Cross-Site Scripting vulnerability"
     severity = "High"
@@ -60,4 +60,4 @@ def run(self, file_content: str) -> List[CheckResult]:
                         results.append(CheckResult(i, line.strip()))
                         break  # Stop searching after finding the first vulnerability in the line
 
-        return results
+        return results

checks/CheckDangerousAbapCommands.py

@@ -1,14 +1,14 @@
-# checks/check_dangerous_abap_commands.py
-
 import re
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDangerousAbapCommands:
     title = "Dangerous ABAP statements"
     severity = "Medium"

checks/CheckDeleteDynpro.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDeleteDynpro:
     title = "Critical actions via deleting a screen"
     severity = "High"

checks/CheckDirectoryTraversalCRstrbReadBuffered.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalCRstrbReadBuffered:
     title = "Path Traversal - CALL C_RSTRB_READ_BUFFERED"
     severity = "Medium"
@@ -23,4 +25,4 @@ def run(self, file_content: str) -> List[CheckResult]:
             if self.pattern2.search(call_statement):
                 line_number = file_content[:match1.start()].count('\n') + 1
                 results.append(CheckResult(line_number, call_statement.strip()))
-        return results
+        return results